DETAILED ACTION
Response to Amendment 

1. Applicant’s arguments with respect to claims have been considered but are moot
in view of the new ground(s) of rejection. Applicant argues that in claim 1 "the IP
connectivity is provided after authenticating the wireless terminal." This argument is
moot in view of new grounds of rejection, namely, Ala-Laurila et al. (2002/0009199). 
Ala-Laurila discloses a WLAN network wherein IP is allocated to a mobile terminal only 
after the mobile terminal is authenticated. 

2. Applicant argues that “PPPoE is not EAP.” PPPoE, Point-to-Point Protocol over 
Ethernet, is a network protocol for encapsulating Point-to-Point Protocol (PPP) frames 
inside Ethernet frames. By using PPPoE, one can connect one machine to another 
machine over an Ethernet network to establish a point to point connection between 
them and then securely transport data packets over the connection.

Similarly Extensible Authentication Protocol, or EAP, is a universal authentication 
framework frequently used in wireless networks and Point-to-Point connections. 
Applicant's argument that in Haverinen, the challenge-response authentication is not 
carried on top of the PPPoE is not persuasive, because both PPPoE and EAP are
similar point to point protocols.
Claim Rejections - 35 USC § 103

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



4. Claims 1-5, 7-13, 15-22, and 24-25 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Haverinen et al. (2002/0,012,433) in view of Ala-Laurila et al. (US 
2002/0009199). 



With respect to claim 1, Haverinen discloses a method in a telecommunication 
system for allowing a SIM-based authentication to users of a wireless local area 
network who are subscribers of a public land mobile network (See Haverinen’s 
abstract, see figure 7 & 8, sections [0242] - [0244], [0247], [0249] - [0251], [0255] - 
[0258]), the method comprising: 

(a) a wireless terminal accessing the wireless local area network through an 
accessible Access Point (See Haverinen’s abstract, see figure 7 & 8, sections [0242] 
- [0244], [0247], [0249] - [0251], [0255] - [0258]); 

(b) discovering an Access Controller interposed between the Access Point and the 
public land mobile network from the wireless terminal (See Haverinen’s abstract, see 
figure 7 & 8, sections [0242] - [0244], [0247], [0249] - [0251], [0255] - [0258]); 




Application/Control Number: 10/510,498; Art Unit: 2617



(c) carrying out a challenge-response authentication procedure between the wireless 
terminal and the public land mobile network through the Access Controller (See 
Haverinen’s abstract, section [0018], [0020], [0021], [0022], [0029], [0034], [0109], 
[0138], [0170], [0315], see additional information at section [0009] - [0013]), the 
wireless terminal provided with a SIM card and adapted for reading data thereof (See 
Haverinen’s abstract, see figure 7 & 8, sections [0242] - [0244], [0247], [0249] - 
[0251], [0255] - [0258]); 

- on top of a Point-to-Point layer 2 protocol (PPPoE) between the wireless 
terminal and the Access Controller (See Haverinen’s [0343]); and 

- on an authentication protocol residing at an application layer between the 
public land mobile network and the Access Controller (See Haverinen’s [0003], [0263]- 
[0269]); and the method further comprising: 

(d) offering the IP connectivity to the user at the wireless terminal, by sending an 
assigned IP address and other network configuration parameters, once said user 
has been validly authenticated by the public land mobile network (See Haverinen’s 
abstract, section [0014] - [0029], [0343]). Haverinen discloses everything as applied 
to claim 1, except for explicitly reciting that authentication takes place before having
provided IP connectivity to the user. In analogous art of WLAN communication system,
Ala-Laurila discloses a WLAN communication system wherein IP connectivity to the
user is provided only after the user is authenticated (See Ala-Laurila’s section
[0020]). It would have been obvious to one of ordinary skill in the art at the time the
invention was made to modify the invention of Haverinen by specifically requiring that
a user is authenticated before providing him IP connectivity, for the purpose of secure
data communication. 

With respect to claim 15, Haverinen discloses an Access Controller in a 
telecommunication system that comprises a wireless local area network including at 
least one Access Point, a public land mobile network, and at least one wireless terminal 
provided with a SIM card and adapted for reading subscriber data thereof (See 
Haverinen’s abstract, see figure 7 & 8, sections [0242] - [0244], [0247], [0249] - 
[0251], [0255] - [0258]), the Access Controller comprising: 

a Point-to-Point layer 2 protocol (PPPoE) server for communicating with the 
wireless terminal over a PPPoE protocol, the PPPoE server being arranged for 
tunneling a challenge-response authentication procedure (See Haverinen’s abstract, 
section [0343], [0018], [0020], [0021], [0022], [0029], [0034], [0109], [0138], [0170], 
[0315], see additional information at section [0009] - [0013]); and 

an authentication client for communicating with the public land mobile network, 
wherein the authentication client is configured to implement an authentication protocol 
residing at an application layer. Haverinen discloses everything as applied to claim 1, 
except for explicitly reciting that authentication takes place before having provided IP
connectivity to the user. In analogous art of WLAN communication system, Ala-Laurila
discloses a WLAN communication system wherein IP connectivity to the user is
provided only after the user is authenticated (See Ala-Laurila’s section [0020]). It
would have been obvious to one of ordinary skill in the art at the time the invention was
made to modify the invention of Haverinen by specifically requiring that a user is
authenticated before providing him IP connectivity, for the purpose of secure data
communication. 

With respect to claim 25, Haverinen discloses a telecommunication system 
comprising a wireless local area network that includes at least one Access Point, a 
public land mobile network, at least one wireless terminal provided with a SIM card and 
adapted for reading subscriber data thereof, and the Access Controller in claim 15 for
allowing SIM-based subscriber authentication to users of the wireless local area 
network who are subscribers of the public land mobile network (See Haverinen’s 
abstract, see figure 7 & 8, sections [0242] - [0244], [0247], [0249] - [0251], [0255] - 
[0258]). 

With respect to claim 2, Haverinen discloses a method wherein the step (b) 
includes establishing a Point-to-Point Protocol session between a Point-to-Point over 
Ethernet (PPoE) Protocol client in the wireless terminal and a Point-to-Point over 
Ethernet (PPoE) Protocol server in the Access Controller (See Haverinen’s abstract, 
see figure 7 & 8, sections [0242] - [0244], [0247], [0249] - [0251], [0255] - [0258]). 

With respect to claim 3, Haverinen discloses a method wherein the step (c) (See 
Haverinen’s abstract, section [0018], [0020], [0021], [0022], [0029], [0034], [0109], 
[0138], [0170], [0315], see additional information at section [0009] - [0013]) 
includes: 

(c1) sending a user identifier from the wireless terminal to the public land mobile
network through the Access Controller (See Haverinen’s see figure 9, section [0263]- 
[0279]); 
(c2) receiving an authentication challenge at the wireless terminal from the
public land mobile network via the Access Controller (See Haverinen’s see figure 9, 
section [0263]-[0279]); 

(c3) deriving encryption key and authentication response at the wireless terminal 
from the received authentication challenge (See Haverinen’s see figure 9, section 
[0263]-[0279]); 

(c4) sending the authentication response from the wireless terminal to the public 
land mobile network through the Access Controller (See Haverinen’s see figure 9, 
section [0263]-[0279]); 

(c5) receiving at the Access Controller an encryption key from the public land 
mobile network (See Haverinen’s see figure 9, section [0263]-[0279]); and 
(c6) extracting the encryption key received for further encryption of 
communication path with the wireless terminal (See Haverinen’s see figure 9, section 
[0263]-[0279]). 

With respect to claim 4, Haverinen discloses a method further comprising shifting 
authentication information received on top of the Point-to-Point layer 2 protocol upwards 
to the authentication protocol residing at the application layer for submissions toward 
the public land mobile network (See Haverinen’s see figure 9, section [0285]-[0305]). 

With respect to claim 5, Haverinen discloses a method further comprising the 
step of shifting authentication information received on the authentication protocol 
residing at application layer downwards on top of the Point-to-Point layer 2 protocol for 
submissions toward the wireless terminal (See Haverinen’s see figure 9, section
[0285]-[0305]). 

With respect to claim 7, Haverinen discloses a method wherein the step (d) 
includes a previous step of requesting the assigned IP address from a Dynamic Host 
Configuration Protocol server (See Haverinen’s see figure 9, section [0263]-[0279]). 

With respect to claim 8, Haverinen discloses a method wherein the 
communication between the Access Controller and the public land mobile network goes 
through an Authentication Gateway of said public land mobile network (See 
Haverinen’s see figure 9, section [0263]-[0279]). 

With respect to claim 9, Haverinen discloses a method wherein the 
communication between the Access Controller and an Authentication Gateway of the 
public land mobile network goes through an Authentication Server of the wireless local 
area network in charge of authenticating local users of said wireless local area network 
who are not mobile subscribers (See Haverinen’s see figure 9, section [0263]- 
[0279]). 

With respect to claim 10, Haverinen discloses a method wherein the user 
identifier in step (c) comprises a Network Access Identifier (See Haverinen’s see 
figure 16, section [0346], [0371]). 

With respect to claim 11, Haverinen discloses a method wherein the user
identifier in step (c) comprises an International Mobile Subscriber Identity (See
Haverinen’s see figure 9, section [0263]-[0279], see additional information at 
section [0242], [0244], [0247], [0250], [0255], [0258]). 

With respect to claim 12, Haverinen discloses a method wherein the
authentication protocol residing at the application layer in step (c) is an Extensible 
Authentication Protocol (See Haverinen’s see figure 16, section [0342] -[0347], 
[0348]-[0350]). 

With respect to claim 13, Haverinen discloses a method wherein this Extensible 
Authentication Protocol is transported over a RADIUS protocol (See Haverinen’s see 
figure 16, section [0342]-[0347], [0348]-[0350] and [0323]). 

With respect to claim 16, Haverinen discloses an Access Controller wherein 

the authentication client is configured to shift information received on top of the
Point-to-Point layer 2 protocol upwards to the authentication protocol residing at the 
application layer (See Haverinen’s see figure 9, section [0285]-[0305]); and 
wherein the PPPoE server is configured to shift information received on the 
authentication protocol residing at the application layer downwards on top of the Point- 
to-Point layer 2 protocol (PPPoE) (See Haverinen’s see figure 9, section [0285]- 
[0305]). 

With respect to claim 17, Haverinen discloses an Access Controller wherein the 
Access Controller is adapted for requesting an IP address from a Dynamic Host 
Configuration Protocol server, after a user has been successfully authenticated by his 
public land mobile network (See Haverinen’s see figure 9, section [0263]-[0279]). 

With respect to claim 18, Haverinen discloses an Access Controller wherein the 
Access Controller is adapted for communicating with a wireless terminal via an Access 
Point (See Haverinen’s abstract, see figure 7 & 8, sections [0242] - [0244], [0247],
[0249] - [0251], [0255] - [0258]). 

With respect to claim 19, Haverinen discloses an Access Controller wherein the 
Access Controller is adapted for communicating with the public land mobile network via 
an Authentication Gateway (See Haverinen’s see figure 9, section [0263]-[0279]). 

With respect to claim 20, Haverinen discloses an Access Controller wherein the 
Access Controller is adapted for communicating with an Authentication Gateway via an 
Authentication Server responsible for authenticating local users of the wireless local 
area network (See Haverinen’s see figure 9, section [0263] -[0279]). 

With respect to claim 21, Haverinen discloses an Access Controller wherein the 
authentication protocol residing at the application layer is an Extensible Authentication 
Protocol (See Haverinen’s see figure 16, section [0342] -[0347], [0348]-[0350]). 

With respect to claim 22, Haverinen discloses an Access Controller wherein the 
Extensible Authentication Protocol is transported over a RADIUS protocol (See 
Haverinen’s see figure 16, section [0342]-[0347], [0348]-[0350] and [0323]). 

With respect to claim 24, Haverinen discloses a wireless terminal capable of carrying 
out a challenge-response authentication procedure, the wireless terminal comprising a 
client configured to act as a Point-to-Point layer 2 protocol (PPPoE) client, wherein an
Extensible Authentication Protocol is carried on top of a Point-to-Point layer 2 protocol 
(See Haverinen’s see figure 9, section [0285]-[0305]). 

5. Claim 6 is rejected under 35 U.S.C. 103(a) as being unpatentable over
Haverinen et al. (2002/0,012,433) in view of Fink et al. (US 7,043,633). 

With respect to claim 6, Haverinen discloses a method of establishing at the 
wireless terminal an encryption path by using the previously derived encryption keys at 
the Access Controller and wireless terminal. Haverinen does not disclose a symmetric 
encryption. But Fink et al. discloses this limitation (See Fink et al. figure 4, col.8 lines 
3-20). Therefore, it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to modify the invention of Haverinen and combine it with Fink, 
thereby providing a system that uses symmetric encryption as disclosed by Fink et al. 
(See Fink et al. figure 4, col.8 lines 3-20). 

6. Claims 14 and 23 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Haverinen et al. (2002/0,012,433) in view of Amin et al. (US 6,854,014). 

With respect to claims 14 and 23, Haverinen discloses a method wherein the
Extensible Authentication Protocol is used. Haverinen does not disclose the EAP is 
transported over a Diameter protocol. But Amin et al. discloses this limitation (See 
Amin's col.2 lines 3, lines 9-10, lines 66-67, col.3 line 1). Therefore, it would have 
been obvious to one of ordinary skill in the art at the time the invention was made to 
modify the invention of Haverinen and combine it with Amin, thereby providing a system 
that uses Diameter protocol, as disclosed by Amin et al. (See Amin's col.2 lines 3,
lines 9-10, lines 66-67, col.3 line 1). 



Conclusion 

7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SAYED T. ZEWARI whose telephone number is 
(571) 272-6851. The examiner can normally be reached on 8:30-4:30.

8. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s 
supervisor, Lester G. Kincaid can be reached on 571-272-7922. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

9. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 

Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Sayed T Zewari/ 
Examiner, Art Unit 2617 